<html xmlns="https://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Language" content="zh-CN" />
<link href="../style/css/manual-zip.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-zip-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
<title>mod_log_forensic － Apache 2.2 中文手册 [金步国]</title>
<script> var _hmt = _hmt || []; (function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?d286c55b63a3c54a1e43d10d4c203e75"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s); })(); </script>
</head>
<body><div id="page-header">
<p class="menu"><a href="index.html">模块索引</a> | <a href="directives.html">指令索引</a> | <a href="../faq/index.html">常见问题</a> | <a href="../glossary.html">词汇表</a> | <a href="../sitemap.html">站点导航</a></p><p class="apache">Apache HTTP Server 版本2.2</p><img alt="" src="../images/feather.gif" /></div>
<div class="up"><a href="index.html"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
<div id="path"><a href="https://www.apache.org/">Apache</a> &gt; <a href="https://httpd.apache.org/">HTTP Server</a> &gt; <a href="https://httpd.apache.org/docs/">文档</a> &gt; <a href="../index.html">版本2.2</a> &gt; <a href="index.html">模块</a></div>

<div id="translation-info">　　 <a href="../translator_announcement.html#thanks">致谢</a> | 本篇译者：&lt;<a href="../translator_announcement.html#join">虚位以待</a>&gt; | 本篇译稿完成时间：?年?月?日</div>
<div id="page-content"><div id="preamble"><h1>Apache模块 mod_log_forensic</h1>

<table border="1" cellpadding="0" cellspacing="0" bordercolor="#AAAAAA" class="module">
<tr><th><a href="module-dict.html#Description">说明</a></th><td>实现"对比日志"，即在请求被处理之前和处理完成之后进行两次记录</td></tr>
<tr><th><a href="module-dict.html#Status">状态</a></th><td>扩展(E)</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">模块名</a></th><td>log_forensic_module</td></tr>
<tr><th><a href="module-dict.html#SourceFile">源文件</a></th><td>mod_log_forensic.c</td></tr>
<tr><th><a href="module-dict.html#Compatibility">兼容性</a></th><td><code class="module"><a href="mod_unique_id.html">mod_unique_id</a></code> is no longer required since
version 2.1</td></tr>
</table>
<h3>概述</h3>

    <p>This module provides for forensic logging of client
    requests. Logging is done before and after processing a request, so the
    forensic log contains two log lines for each request.
    The forensic logger is very strict, which means:</p>

    <ul>
    <li>The format is fixed. You cannot modify the logging format at
    runtime.</li>
    <li>If it cannot write its data, the child process
    exits immediately and may dump core (depending on your
    <code class="directive"><a href="mpm_common.html#coredumpdirectory">CoreDumpDirectory</a></code>
    configuration).</li>
    </ul>

    <p><code>check_forensic</code> script, which can be found in the
    distribution's support directory, may be helpful in evaluating the
    forensic log output.</p>
</div>
<div class="top"><a href="mod_log_forensic.html#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="formats" id="formats">Forensic Log Format</a></h2>
    <p>Each request is logged two times. The first time is <em>before</em> it's
    processed further (that is, after receiving the headers). The second log
    entry is written <em>after</em> the request processing at the same time
    where normal logging occurs.</p>

    <p>In order to identify each request, a unique request ID is assigned.
    This forensic ID can be cross logged in the normal transfer log using the
    <code>%{forensic-id}n</code> format string. If you're using
    <code class="module"><a href="mod_unique_id.html">mod_unique_id</a></code>, its generated ID will be used.</p>

    <p>The first line logs the forensic ID, the request line and all received
    headers, separated by pipe characters (<code>|</code>). A sample line
    looks like the following (all on one line):</p>

    <div class="example"><p><code>
        +yQtJf8CoAB4AAFNXBIEAAAAA|GET /manual/de/images/down.gif
        HTTP/1.1|Host:localhost%3a8080|User-Agent:Mozilla/5.0 (X11;
        U; Linux i686; en-US; rv%3a1.6) Gecko/20040216
        Firefox/0.8|Accept:image/png, <var>etc...</var>
    </code></p></div>

    <p>The plus character at the beginning indicates that this is the first log
    line of this request. The second line just contains a minus character and
    the ID again:</p>

    <div class="example"><p><code>
      -yQtJf8CoAB4AAFNXBIEAAAAA
    </code></p></div>

    <p><code>check_forensic</code> script takes as its argument the name
    of the logfile. It looks for those <code>+</code>/<code>-</code> ID pairs
    and complains if a request was not completed.</p>
</div><div class="top"><a href="mod_log_forensic.html#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="security" id="security">Security Considerations</a></h2>
    <p>See the <a href="../misc/security_tips.html#serverroot">security tips</a>
    document for details on why your security could be compromised
    if the directory where logfiles are stored is writable by
    anyone other than the user that starts the server.</p>
</div>
<div class="top"><a href="mod_log_forensic.html#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ForensicLog" id="ForensicLog">ForensicLog</a> <a name="forensiclog" id="forensiclog">指令</a></h2>
<table border="1" cellpadding="0" cellspacing="0" bordercolor="#AAAAAA" class="directive">
<tr><th><a href="directive-dict.html#Description">说明</a></th><td>Sets filename of the forensic log</td></tr>
<tr><th><a href="directive-dict.html#Syntax">语法</a></th><td><code>ForensicLog <var>filename</var>|<var>pipe</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">作用域</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">状态</a></th><td>扩展(E)</td></tr>
<tr><th><a href="directive-dict.html#Module">模块</a></th><td>mod_log_forensic</td></tr>
</table>
    <p><code class="directive">ForensicLog</code> directive is used to
    log requests to the server for forensic analysis. Each log entry
    is assigned a unique ID which can be associated with the request
    using the normal <code class="directive"><a href="mod_log_config.html#customlog">CustomLog</a></code>
    directive. <code class="module"><a href="mod_log_forensic.html">mod_log_forensic</a></code> creates a token called
    <code>forensic-id</code>, which can be added to the transfer log
    using the <code>%{forensic-id}n</code> format string.</p>

    <p>The argument, which specifies the location to which
    the logs will be written, can take one of the following two
    types of values:</p>

    <dl>
      <dt><var>filename</var></dt>
      <dd>A filename, relative to the <code class="directive"><a href="core.html#serverroot">ServerRoot</a></code>.</dd>

      <dt><var>pipe</var></dt>
      <dd>The pipe character "<code>|</code>", followed by the path
      to a program to receive the log information on its standard
      input. The program name can be specified relative to the <code class="directive"><a href="core.html#serverroot">ServerRoot</a></code> directive.

      <div class="warning"><h3>安全</h3>
      <p>If a program is used, then it will be run as the user who
      started <code class="program"><a href="../programs/httpd.html">httpd</a></code>. This will be root if the server was
      started by root; be sure that the program is secure or switches to a
      less privileged user.</p>
      </div>

      <div class="note"><h3>注意</h3>
        <p>When entering a file path on non-Unix platforms, care should be taken
        to make sure that only forward slashed are used even though the platform
        may allow the use of back slashes. In general it is a good idea to always
        use forward slashes throughout the configuration files.</p>
      </div></dd>
    </dl>

</div>
</div>
<div id="footer">
<p class="apache">本文允许自由的转载、引用、再分发，但必须保留译者署名并注明出处；详见：<a href="../translator_announcement.html#announcement">版权声明</a>。</p>
<p class="menu"><a href="index.html">模块索引</a> | <a href="directives.html">指令索引</a> | <a href="../faq/index.html">常见问题</a> | <a href="../glossary.html">词汇表</a> | <a href="../sitemap.html">站点导航</a></p></div>
</body></html>
